package com.dongdongshop.shiro;
import com.alibaba.dubbo.config.annotation.Reference;
import com.dongdongshop.pojo.TbUser;
import com.dongdongshop.service.TbUserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
//这个类就是我们写登录逻辑和授权逻辑的一个类
//AuthorizingRealm 既有登录功能又有授权功能
public class LoginRealm extends AuthorizingRealm {
    @Reference
    private TbUserService tbUserService;
    //授权方法
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("进入授权方法");
        return null;
    }
    //认证方法 :调用subject的login方法的时候进入
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //执行登录逻辑
        UsernamePasswordToken token =(UsernamePasswordToken)authenticationToken;
         TbUser tbUser = tbUserService.selectById(token.getUsername());
         if(tbUser==null){
             return null;
         }
       //第一个参数是登录成功后需要放到session中的对象,第二个参数;是数据库查询出来的密码 第三个:用户的名字
        //密码加密MD5 MD4..使用哈希算法:将一个字符串计算出一个毫无规律杂凑字符串 特点:正向快速,不可逆
        return new SimpleAuthenticationInfo(tbUser,tbUser.getPassword(), ByteSource.Util.bytes("e2b924"),tbUser.getUsername());
    }
}
